$5 device can hijack even a locked computer in just 30 seconds
Samy Kamkar’s PoisonTap, a $5 Raspberry Pi zero device, can hack into any password protected computer by creating a backdoor which can invade any privacy tactics.
We are now more vulnerable than ever.
Samy kamkar is an American privacy and security researcher, hacker, whistle-blower and entrepreneur. Right after plugging Pi Zero into USB port, the device bypasses all forms of security and invades all the data.
No matter how strong you think your password is, PoisonTap can dodge anything. Scary, isn’t it? So, how does it work? After plugging PoisonTap in USB port, your laptop or desktop assumes that it’s connected to Ethernet and so it starts to send all the data and encrypted internet traffic to the micro-controller.
The device then begins stealing and siphoning the HTTP cookies and your web sessions for Alexa top 1,000,000 sites. Even two-factor authentication (2FA) won’t work here. 2FA adds an extra layer of security. Besides asking for your password and username, it also requires something that only the user knows so that makes it harder to steal someone’s identity. Backdoor remains open even after PoisonTap is removed so hackers can remotely access.
There’s just one caveat with PoisonTap design that it requires the browser to keep running on a locked device. But again, most of us don’t even bother to close our browsers before shutting the lid.
A few safety measures can be taken by users to protect themselves from any invasion of privacy:
- Make sure that you close your web browser before shutting down
- Hibernate you PC, don’t just put it to sleep. Hibernation suspends all the running processes.
- Clear your cache regularly because PoisonTap also poisons the web cache
- Use HTTPS instead of HTTP
- Always ensure that secure flag is enabled on cookies
Never leave you PCs unattended. Better safe than sorry.